US6985438B1 - Method and apparatus for processing and forwarding data packets - Google Patents

Method and apparatus for processing and forwarding data packets Download PDF

Info

Publication number
US6985438B1
US6985438B1 US09/526,117 US52611700A US6985438B1 US 6985438 B1 US6985438 B1 US 6985438B1 US 52611700 A US52611700 A US 52611700A US 6985438 B1 US6985438 B1 US 6985438B1
Authority
US
United States
Prior art keywords
route table
token
selector
matched
packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
US09/526,117
Inventor
Christian Tschudin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to US11/146,589 priority Critical patent/US20050220102A1/en
Application granted granted Critical
Publication of US6985438B1 publication Critical patent/US6985438B1/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/56Routing software
    • H04L45/566Routing instructions carried by the data packet, e.g. active networks

Definitions

  • the present invention relates to a method for processing and forwarding data packets using at least one route table.
  • the current standard architecture for a data packet router in a computer network comprises a packet classification module, a routing module and a packet scheduler module.
  • a packet classification module assigns a class by the classification module and possibly also predefined processing is applied to it, such as checking the source address, changing or adding some header fields, decrementing the time-to-live (TTL) field, dropping it if the TTL value reaches 0 etc.
  • TTL time-to-live
  • the routing module uses the resulting class and packet header to evaluate the packet's further route. For this purpose it contains a forwarding information base which usually has the form of a route table and merely serves as “signpost” for the data packets to be transmitted.
  • additional processing may apply to the packet, before the packet is put, as a third main step, in at least one packet queue that is controlled by the packet scheduler.
  • Streamlined variants of the above process exist, where a packet is directly copied from the incoming network interface card that may have its own forwarding information base to an outgoing interface card.
  • FIG. 1 This standard procedure, the so-called “fast data path” of a router, is illustrated in FIG. 1 .
  • the route table i.e. the “signpost” for data packets
  • the procedure itself is a static pipeline operating on incoming data packets.
  • the set of instructions applied to a packet is rather limited and predetermined by the packet's type (class).
  • Reconfiguration of a data router e.g. said updating of the route table, is achieved by special purpose “signaling” protocols. Data packets that belong to such a protocol are removed from the fast data path and are passed to external processing modules capable of handling the signaling protocol.
  • the router hosts one or more execution entities EE i to EE n which are responsible for interpreting program instructions contained in “active packets”, namely data packets that themselves contain the program to be applied to them, or other signaling information.
  • FIG. 3 the control flow for a single packet inside a traditional and possibly active router in this standard approach can be depicted as shown in FIG. 3 .
  • a program store drives the Central Processing Unit (CPU) and the CPU reads from the route table for making routing decisions. Accessing the route table is necessary for almost every data packet that enters the system. Actual routers may have multiple CPUs, program and data stores.
  • CPU Central Processing Unit
  • this object is achieved by means of a method for processing and forwarding data packets comprising the steps of:
  • an apparatus for the processing of data packets in the fast data path while it can be dynamically reprogrammed at the same time, namely an apparatus comprising the following items:
  • At least one routing table is provided that comprises entries containing operation code or a program for the execution of an operation.
  • the programmable packet processing method of the present invention replaces the routing module of classical packet routers and merges it with the execution entity modules as previously introduced.
  • FIG. 4 shows, on the same level of abstraction as FIG. 3 , this merging and the resulting control path for data packets.
  • the method and apparatus according to the invention make it possible that standard operating and routing of data packets and dynamic reprogramming of the router take place in the same fast data path. Thus, reprogramming as well as routing is faster and handled more uniformly than by the methods and devices known so far.
  • an incoming data packet preferably contains itself the information on what operation is executed on it by having assigned a selector, i.e. an indexing datum to be matched with a route table input index field, that matches a route table index field that belongs to a certain operation to be executed on the packet. Therefore, any packet most naturally plays an active role instead of a passive role of the data packets in standard routing methods upon which pre-defined operations are executed.
  • a selector may even refer to an operation that transfers another operation stored within the packet to the routing table and thus activates it. In this way, the concept of “active packets” is naturally embedded by the invention in the classical routing concept.
  • a further advantage of the method according to the present invention is that it allows the routing module to particularly quickly access information about the processing to be applied to a packet and its path since all the required information is contained in one selector field which may be a predefined bit field in the header of the packet.
  • Conventional routing includes a relatively time consuming search for relevant information within a packet header.
  • a still further advantage of the present invention is that it is completely compatible to prior art routing and that the forwarding behavior of a classical routing module can be provided.
  • the execution model according to the present invention is an alternate computing model to the “von Neumann” model and is a hybrid with elements of a data flow—as well as of a “von Neumann”-model approach.
  • a structural similarity to a data flow machine is given by the fact that instructions are stored inside the route table while data items (i.e. selector+packet tokens) flow through these operations.
  • the method according to the invention can also host a “von Neumann” style of program by having one selector+packet token represent one flow of control. Each control flow then picks one instruction after the other, it therefore operates on the token's data as well as on the route table itself.
  • the method according to the invention easily and naturally enables parallel computing. It just has to be allowed for the possibility that different tokens are matched to different route table entries at the same time and the corresponding operations are executed simultaneously. Parallel computing is even better be taken advantage of if the matching of tokens with route table entries is carried out in a non-deterministic instead of in a deterministic way.
  • the method according to the present invention allows to implement distributed processing on different processing entities in a rather straightforward manner.
  • FIGS. 1–3 show various prior art routing systems
  • FIG. 4 illustrates a control path for data packets in accordance with the invention.
  • FIG. 5 shows a routing module in accordance with the invention.
  • FIG. 5 schematically depicts a block diagram of this embodiment of the method according to the invention.
  • the routing module to be described in the following is based on four elements:
  • sel in is an in-selector value serving as input index field, c an operation code, sel out an out-selector value serving as output index field and i an additional state.
  • i may contain information, such as an additional selector value, queuing information or other additional processing information, to be used depending on the status of the packet to be processed.
  • This new routing module operates as follows:
  • the prior art's routing module's role is to map data packets, based on classifications and/or packet header fields, to the packet queues of the packet scheduler module.
  • This forwarding behavior of the prior art's routing module can also be provided by the above specified new routing module. To do that, the following steps have to be carried out:
  • the routing module works as a data flow computing device.
  • a structural similarity to a data flow machine is given by the fact that instructions are stored inside the route table while tokens “flow” through these operations.
  • selectors resemble the tags of data flow machines that identify the state and position of a token.
  • the matching and execution rules are different from classical data flow architectures (data-driven vs. demand-driven) as tokens can be discarded if there is no matching entry in the route table.
  • selectors are explicitly handled by the programs themselves instead of being an internal aspect of data flow execution.
  • the new routing module also enables the execution of arbitrary programs by the virtue of the repeated execution of instructions according to the steps 3 and 4. This can be done as follows:
  • the set of instructions has to contain minimal support for branching as well as memory access, allowing to conditionally divert program flows and to implement procedure calls:
  • the method according to the invention is used in the way described above, it essentially is a “von Neumann” computing device. As each control flow picks one instruction after the other, it operates on the token's data as well as on the route table itself. This operation mode will be discussed further below more concretely by way of examples 3 and 4.
  • route table entries For some applications based on parallel computing it may be attractive not to predetermine the selection of route table entries that match a given token. In this case, the selection of these route table entries will be carried out by the machine instead of the programmer and will therefore be non-deterministic instead of deterministic. As a consequence, the processor or the processors can optimize its/their work-load and thus enable even faster processing.
  • the programmable routing module outlined above enables a superset of classic router functionality as well as arbitrary programming to be implemented. It, however, is by no means the only embodiment of the invention and can be extended or modified in many respects.
  • multistage route tables or a plurality of route tables can be provided.
  • a selector of a token will then not only select the route table entry but also the route table of which the entry is part. In this way, a packet can jump between the different route tables, depending on its selector, the sel out values contained in the route table and/or other information. Therefore, operations contained in different route tables, and for instance one operation out of every route table, can be executed on a single packet in its path.
  • the selector of a token could also be divided into k parts, each of which refers to an other route table.
  • One route table entry can also contain more than one operation. In such a case, preferably all route table entries will have the same number of operations. Further, also additional fields or attributes such as fields for the priority, counters, access control lists, certificates, . . . may be provided for.
  • Operation code or a program contained in a route table entry can also exhibit a reference to an externally installed subroutine or any other software and/or hardware based device serving as an extension of said operation code or program. Further, there may be route table entries that, depending on the selector values and possibly also on the packet data of incoming tokens, can implement changes to these extensions as well as to other modules such as a packet classifier, a control unit or a scheduler of a router.
  • a route table is a table in the conceptual sense and does not have to be a table in the literal sense. Therefore, it can have a data structure that is different from a table structure and, for instance, have the structure of an array of records or a linked list of memory zones. It can also be in a compressed form and comprise auxiliary data structures, for instance hash tables, or other lookup mechanisms to access the route table entries.
  • the tokens do not need to have a ⁇ sel,pkt> form.
  • the selector information can also be contained explicitly or implicitly in the data packet and therefore has to be extracted or calculated from its contents.
  • additional attributes such as suspended flag, processing queue, priority, credentials, access rights, certificates etc.
  • additional attributes it can for instance be laid down that a packet is not allowed to make changes to the route table, that it is to be processed only after a certain condition is fulfilled, etc.
  • FIG. 5 A variety of possible further embodiments of the invention concerns the data flow architecture.
  • the present invention relates to an execution model ( FIG. 5 ) which is a hybrid with elements drawn from both, the “von Neumann” and from the data flow side.
  • An apparatus namely a router, comprises the following elements:
  • router table stored programs are given in order to make the invention concrete.
  • the examples refer to the routing module comprising one route table having entries with four fields described above as embodiment of the invention.
  • This packet format adheres to the convention that parameters for instructions and procedures are stored at the packet's head. Similarly, this convention will be extended for the subsequent examples and the packet's tail will be used for a stack of return addresses (selectors).
  • the forwarding branch procedure example-one( ) is implemented by the following route table content:
  • program execution starts with the first line of the table above. Note that the last line of the table above may or may not be present: The program will take care of correctly forwarding packets in both cases.
  • the following route table implements the recursive procedure example-two( ).
  • the token arrives selected for a selector value p, i.e. it initially has a sel value of p:
  • This example shows a method to store a program inside a remote route table by sending appropriate data packets. This is useful for having “path finder packets” to configure a remote node by downloading a program that will treat a data stream's subsequent packets.
  • route table entries An external representation of route table entries is required that is self-delimiting.
  • the following instruction depends on such a format:
  • the following route table program scans a data packet for route table entries and installs them.
  • the data packet must consist of a sequence of route table entries re i , followed by a zero selector field:
  • the selector DP is a well-known selector to be used for invoking the downloading program:
  • This download program can be extended by user provided enhancements, allowing to “bootstrap” fancier download procedures. If for example a “confirmed download” service is required, one can use the program above to blindly download the modified download program which, instead of executing the halt( ) instruction, returns a confirmation packet.
  • this example shows how to implement in-band programming where the program to be applied to a packet is carried inside the packet itself.
  • Various names are used synonymously for such packets: capsules, messengers or active packets.
  • the first modification relates to the packet format, where we presume that a second (start-) selector value follows the O-sel of the previous example:
  • the second modification concerns the packet handler program:
  • the forked token synchronizes with the main token when the later has finished installing the program. Synchronization is achieved via the queue that is identified by the id selector. Preferably, each active packet is assigned its own id value in order to avoid synchronization conflicts.
  • the main token remains at the head of this queue and continues to do so during the install loop.
  • the forked token inserts itself into the same queue, but will occupy the second position, thus block.
  • the main token halts and thus quits the token queue, the forked token advances to the head position and starts executing the freshly installed program. At this point, the token's packet data is identical to the data that the original token had when it entered the new routing module.
  • the init selector and the remaining packet payload are the two elements required to form a token: Classification of an incoming data packet is reduced to reading in the init-sel field.
  • the network architecture that is induced by such a router model requires that packet classification is performed upstream, or ultimately at the edge of such a network.
  • selectors can be turned into pointers to remote instructions: They allow to arbitrarily redirect the execution flow to one or more neighbor routers or route tables and to implement distributed algorithms. For redirection, one has to replace a route table entry by one or more FORW operations that send a packet to a remote node where processing will continue. The S out field of the table entry containing the FORW operation can then be used for specifying the selector for the remote target instruction.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The method and the apparatus for processing and forwarding data packets (pkt) in a computer network comprise at least one route table that contains entries each having an input index field (s-in), an operation code or a program (op) for the execution of an operation and an output selector field (s-out). The data packets (pkt) to be processed are each assigned a selector (sel) serving as indexing datum, the data packet (pkt) and the selector (sel) together constituting a token. The selector (sel) of a packet is matched with the input index field (s-in) of the entries of the at least one route table and the operation (op) contained in the matched route table entry or route table entries is/are executed on the matched token. This processing step can be repeated if the operation (op) results in one or more output token/tokens. Since according to the invention, programs to be executed on data packets (pkt) are stored in the route table, data packets (pkt) are directly processed in the fast data path, while at the same time the router can be dynamically reprogrammed.

Description

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a method for processing and forwarding data packets using at least one route table.
2. Description of the Prior Art
The current standard architecture for a data packet router in a computer network comprises a packet classification module, a routing module and a packet scheduler module. As a first step, an incoming data packet is assigned a class by the classification module and possibly also predefined processing is applied to it, such as checking the source address, changing or adding some header fields, decrementing the time-to-live (TTL) field, dropping it if the TTL value reaches 0 etc. As a second step, the routing module uses the resulting class and packet header to evaluate the packet's further route. For this purpose it contains a forwarding information base which usually has the form of a route table and merely serves as “signpost” for the data packets to be transmitted. Next, additional processing may apply to the packet, before the packet is put, as a third main step, in at least one packet queue that is controlled by the packet scheduler. Streamlined variants of the above process exist, where a packet is directly copied from the incoming network interface card that may have its own forwarding information base to an outgoing interface card.
This standard procedure, the so-called “fast data path” of a router, is illustrated in FIG. 1. Whereas the route table, i.e. the “signpost” for data packets, can be dynamically updated, the procedure itself is a static pipeline operating on incoming data packets. The set of instructions applied to a packet is rather limited and predetermined by the packet's type (class). Reconfiguration of a data router, e.g. said updating of the route table, is achieved by special purpose “signaling” protocols. Data packets that belong to such a protocol are removed from the fast data path and are passed to external processing modules capable of handling the signaling protocol.
Active networks add programmability to a router while still adhering to the same architecture (see FIG. 2): The router hosts one or more execution entities EEi to EEn which are responsible for interpreting program instructions contained in “active packets”, namely data packets that themselves contain the program to be applied to them, or other signaling information.
At a high level of abstraction, the control flow for a single packet inside a traditional and possibly active router in this standard approach can be depicted as shown in FIG. 3. A program store drives the Central Processing Unit (CPU) and the CPU reads from the route table for making routing decisions. Accessing the route table is necessary for almost every data packet that enters the system. Actual routers may have multiple CPUs, program and data stores.
If a whole classical routing system is regarded from the data flow architecture point of view, it represents an example of the data flow model: Data items are processed by stationary instructions. This is in contrast to the “von Neumann” computing model which is the dominant model for traditional computing. The “von Neumann” model is characterized by one or more control flows in motion that operate on data residing in explicitly addressed memory places.
SUMMARY OF THE INVENTION
It is the object of the present invention to provide a method that enables to process data packets in a computer network in the fast data path while simultaneously allowing to dynamically reprogram the router and to provide at the same time a new method for the execution of programs that makes parallel processing possible either in a data flow or in a “von Neumann” architecture.
According to the invention, this object is achieved by means of a method for processing and forwarding data packets comprising the steps of:
    • providing at least one route table comprising entries containing an input index field and at least one operation code or a program for the execution of an operation,
    • assigning a selector serving as indexing datum to each data packet, the data packet and its selector being parts of a token,
    • matching of the selector of a packet matched with the input index field of the entries of said at least one route table,
    • execution on the matched token of the at least one operation contained in the at least one matched route table entry.
According to an other aspect of the invention, an apparatus is provided for the processing of data packets in the fast data path while it can be dynamically reprogrammed at the same time, namely an apparatus comprising the following items:
    • at least one route table comprising entries containing an input index field and at least one of operation code and of a program for the execution of an operation,
    • means for assigning a selector serving as indexing datum to each data packet, the data packet and its selector being parts of a token,
    • means for matching the selector of a packet with the input index field of the entries of said at least one route table,
    • means for executing on the matched token the at least one operation contained in the at least one matched route table entry.
According to the invention, at least one routing table is provided that comprises entries containing operation code or a program for the execution of an operation. In this way, the programmable packet processing method of the present invention replaces the routing module of classical packet routers and merges it with the execution entity modules as previously introduced. FIG. 4 shows, on the same level of abstraction as FIG. 3, this merging and the resulting control path for data packets. The method and apparatus according to the invention make it possible that standard operating and routing of data packets and dynamic reprogramming of the router take place in the same fast data path. Thus, reprogramming as well as routing is faster and handled more uniformly than by the methods and devices known so far.
Further, an incoming data packet preferably contains itself the information on what operation is executed on it by having assigned a selector, i.e. an indexing datum to be matched with a route table input index field, that matches a route table index field that belongs to a certain operation to be executed on the packet. Therefore, any packet most naturally plays an active role instead of a passive role of the data packets in standard routing methods upon which pre-defined operations are executed. A selector may even refer to an operation that transfers another operation stored within the packet to the routing table and thus activates it. In this way, the concept of “active packets” is naturally embedded by the invention in the classical routing concept.
A further advantage of the method according to the present invention is that it allows the routing module to particularly quickly access information about the processing to be applied to a packet and its path since all the required information is contained in one selector field which may be a predefined bit field in the header of the packet. Conventional routing includes a relatively time consuming search for relevant information within a packet header.
A still further advantage of the present invention is that it is completely compatible to prior art routing and that the forwarding behavior of a classical routing module can be provided.
The method according to the invention, in addition to being a method for routing of packets containing simple data, also enables the execution of arbitrary programs. From the data flow architecture point of view, the execution model according to the present invention is an alternate computing model to the “von Neumann” model and is a hybrid with elements of a data flow—as well as of a “von Neumann”-model approach. A structural similarity to a data flow machine is given by the fact that instructions are stored inside the route table while data items (i.e. selector+packet tokens) flow through these operations. However, the method according to the invention can also host a “von Neumann” style of program by having one selector+packet token represent one flow of control. Each control flow then picks one instruction after the other, it therefore operates on the token's data as well as on the route table itself.
The method according to the invention easily and naturally enables parallel computing. It just has to be allowed for the possibility that different tokens are matched to different route table entries at the same time and the corresponding operations are executed simultaneously. Parallel computing is even better be taken advantage of if the matching of tokens with route table entries is carried out in a non-deterministic instead of in a deterministic way.
Finally, the method according to the present invention allows to implement distributed processing on different processing entities in a rather straightforward manner.
BRIEF DESCRIPTION OF THE INVENTION
The preferred embodiments of the invention are described with reference to the accompanying drawings in which:
FIGS. 1–3 show various prior art routing systems;
FIG. 4 illustrates a control path for data packets in accordance with the invention; and
FIG. 5 shows a routing module in accordance with the invention.
DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT
In the following, a detailed description of an embodiment of the present invention, namely a routing module, is given with reference to FIG. 5, which schematically depicts a block diagram of this embodiment of the method according to the invention.
The routing module to be described in the following is based on four elements:
  • (a) A plurality of tokens of the form <sel,pkt>, where sel is a selector (or “tag”) serving as indexing datum and pkt is a data packet,
  • (b) a multi-set (“token bag”) for storing tokens,
  • (c) a route table consisting of entries, each containing the following fields:
selin c selout i

where selin is an in-selector value serving as input index field, c an operation code, selout an out-selector value serving as output index field and i an additional state. i may contain information, such as an additional selector value, queuing information or other additional processing information, to be used depending on the status of the packet to be processed.
  • (d) a control unit (CU).
This new routing module operates as follows:
  • 1. A <sel,pkt> token arrives from the packet classification module and is put into the multi-set.
  • 2. The control unit picks and removes a token from the multi-set.
  • 3. The token's selector value sel is used to locate all entries in the route table that have a matching selin field. Tokens for which no matching in-selector values can be found are discarded. Alternatively, they are processed by a default processing routine.
  • 4. For each matching entry, the corresponding operation c is performed:
    • If the operation is a FORW (forward) operation, the token's packet data is put into a queue of the subsequent packet scheduler module. Information about which queue to use is either stored in the entry's state field i, is computed from the packet's data, or is otherwise provided.
    • If the operation is a HALT operation, the token is destroyed and no output token is generated.
    • For any other operation, one or more new tokens are generated that contain the possibly modified packet data of the input token. The new tokens' sel values are either copied from the selout field of the route table entry, or otherwise computed.
  • 5. New tokens, if any were generated, are put in the multi-set.
  • 6. Processing continues with step 1 or 2.
The prior art's routing module's role is to map data packets, based on classifications and/or packet header fields, to the packet queues of the packet scheduler module. This forwarding behavior of the prior art's routing module can also be provided by the above specified new routing module. To do that, the following steps have to be carried out:
Unicast Forwarding:
  • (a) The packet classifier (c.f. FIGS. 1 and 2) is configured such that it provides a selector for each data packet type. Unclassifiable packets are assigned a default selector. The packets are subsequently put in the multi-set (“token bag”) depicted in FIG. 5.
  • (b) The routing table is configured such that each potential selector value has exactly one entry.
  • (c) A special operation code c is defined and an associated procedure is implemented in the route table and an entry is defined whose selin value corresponds to the default selector. The procedure thus treats the packets that were classified in the default category and which therefore need special matching rules (e.g. longest prefix for IP addresses: Such an operation most likely makes use of the entry's additional state i). The said operation either outputs a new token whose selector value indexes another entry in the route table that contains the FORW operation and puts this token in the token bag, or it directly performs the FORW.
    Multicast Forwarding:
The same approach as above is used, except that multiple entries exist in the route table which have the same selin value. Two cases are possible:
  • (1) The classifier assigns such an ambiguous selector value. Steps 3 and 4 will automatically take care of multiplying the incoming data packet,
  • (2) The classifier assigns an unambiguous selector. However, one or more of the subsequent operations c create a new token with a selector value for which multiple entries exist.
Applied in the above way for routing, the routing module works as a data flow computing device. A structural similarity to a data flow machine is given by the fact that instructions are stored inside the route table while tokens “flow” through these operations. Also, selectors resemble the tags of data flow machines that identify the state and position of a token. However, we note that the matching and execution rules are different from classical data flow architectures (data-driven vs. demand-driven) as tokens can be discarded if there is no matching entry in the route table. Also, selectors are explicitly handled by the programs themselves instead of being an internal aspect of data flow execution.
In addition to being a further development of a classical routing module, the new routing module also enables the execution of arbitrary programs by the virtue of the repeated execution of instructions according to the steps 3 and 4. This can be done as follows:
    • Each thread of execution is mapped to one <sel,pkt> token.
    • The program instructions are stored as operations in the route table.
    • A token's selector value points to the next instruction to process. It plays the role of the “program counter” of other computing devices. Instructions which generate an output token are therefore required to choose the new selector value such that it points to the next instruction to be processed. This may be done by choosing the selector contained in the selout field of route table entries or by computing the new sel value.
    • Execution of a program flow ends when a selector value is matched with a route table entry containing an operation that does not generate an output token or when the resulting token has no matching entry.
For executing programs for general purposes, the set of instructions has to contain minimal support for branching as well as memory access, allowing to conditionally divert program flows and to implement procedure calls:
    • An instruction that is able to output tokens with different output selector values suffices to implement branching. The resulting selector value may depend on the token's packet data and/or any other state in the router, including the route table, the packet classifier and packet scheduler, and/or may even be assigned randomly.
    • Instructions to add, read, change and remove complete entries in the route table provide memory access. It is interesting to notice that such instructions to add, read and remove entries from the route table turn the present invention's routing module into a Turing complete computing device.
    • Together with instructions to store and retrieve selector values, e.g. inside a token's data packet, inside the route table, or in other places, the branching instructions enable procedure calls.
If the method according to the invention is used in the way described above, it essentially is a “von Neumann” computing device. As each control flow picks one instruction after the other, it operates on the token's data as well as on the route table itself. This operation mode will be discussed further below more concretely by way of examples 3 and 4.
Using the above described tools, the method according to the invention also most naturally leads to parallel computing. One has only to allow for the possibility that different tokens are matched with different route table entries simultaneously and to start with more than one token representing a program flow. For the case of the parallel execution of program flows, basic synchronization primitives must be provided:
    • By switching off the eligibility of tokens to be picked by the CU, i.e. by temporarily removing tokens from the multi-set (“token bag”), execution flows can be suspended.
    • Special instructions are provided to make suspended tokens re-eligible for execution, either explicitly (barriers, queues) and/or by environmental changes (e.g. a timeout or a condition to be fulfilled).
For some applications based on parallel computing it may be attractive not to predetermine the selection of route table entries that match a given token. In this case, the selection of these route table entries will be carried out by the machine instead of the programmer and will therefore be non-deterministic instead of deterministic. As a consequence, the processor or the processors can optimize its/their work-load and thus enable even faster processing.
By means of the above specified tools, the programmable routing module outlined above enables a superset of classic router functionality as well as arbitrary programming to be implemented. It, however, is by no means the only embodiment of the invention and can be extended or modified in many respects.
Instead of one route table as described above, multistage route tables or a plurality of route tables can be provided. In such a case it is for instance possible to map every execution entity (EEi) of a prior art routing module onto one route table and in this way to be able to make use of the wealth of tools developed for the prior art routers. A selector of a token will then not only select the route table entry but also the route table of which the entry is part. In this way, a packet can jump between the different route tables, depending on its selector, the selout values contained in the route table and/or other information. Therefore, operations contained in different route tables, and for instance one operation out of every route table, can be executed on a single packet in its path. Alternatively, if, for instance, k route tables are present, the selector of a token could also be divided into k parts, each of which refers to an other route table.
One route table entry can also contain more than one operation. In such a case, preferably all route table entries will have the same number of operations. Further, also additional fields or attributes such as fields for the priority, counters, access control lists, certificates, . . . may be provided for.
Operation code or a program contained in a route table entry can also exhibit a reference to an externally installed subroutine or any other software and/or hardware based device serving as an extension of said operation code or program. Further, there may be route table entries that, depending on the selector values and possibly also on the packet data of incoming tokens, can implement changes to these extensions as well as to other modules such as a packet classifier, a control unit or a scheduler of a router.
A route table is a table in the conceptual sense and does not have to be a table in the literal sense. Therefore, it can have a data structure that is different from a table structure and, for instance, have the structure of an array of records or a linked list of memory zones. It can also be in a compressed form and comprise auxiliary data structures, for instance hash tables, or other lookup mechanisms to access the route table entries.
The tokens do not need to have a <sel,pkt> form. The selector information can also be contained explicitly or implicitly in the data packet and therefore has to be extracted or calculated from its contents. For many system architectures it will also be advisable to give the tokens additional attributes, such as suspended flag, processing queue, priority, credentials, access rights, certificates etc. In such additional attributes it can for instance be laid down that a packet is not allowed to make changes to the route table, that it is to be processed only after a certain condition is fulfilled, etc.
A variety of possible further embodiments of the invention concerns the data flow architecture. As explained above, the present invention relates to an execution model (FIG. 5) which is a hybrid with elements drawn from both, the “von Neumann” and from the data flow side.
This hybrid approach is well in-line with the less strict view on data flow architectures that has emerged in recent years (multithreaded computers). However, in the present method for data packet processing and forwarding, tokens can flow in the network. Thus, data flow items are not confined anymore to one central processing unit but are transportable over the network. The selector concept, together with the “programmable route table” and the execution loop model of FIG. 5, are the key enabler for this approach. The method according to the invention is therefore also highly suited to be implemented using multiple processing elements.
An apparatus according to the invention, namely a router, comprises the following elements:
    • A device for receiving, processing and forwarding data, for instance a computer equipped with appropriate interfaces.
    • An implementation of the method for data packet processing and forwarding according to the invention on said device, for instance a program stored on the computer or a microprocessor the architecture of which is such that it supports the data flow and control flow architecture of the method according to the invention particularly the data and control flow as schematically depicted in FIG. 5.
While previously the method and apparatus according to the invention were discussed in a rather abstract way, in the following a few examples for router table stored programs are given in order to make the invention concrete. The examples refer to the routing module comprising one route table having entries with four fields described above as embodiment of the invention.
EXAMPLE 1 Forwarding Branch
Using a PASCAL like notation, we aim at implementing the following packet handling program with the new routing module:
    • PROC exampleone(s: selector);
    • CONST t: selector;
    • BEGIN
      • IF exists a route table entry with in-selector s THEN drop front packet header;
        • forward via selector s
      • ELSE
        • forward via selector t
      • FI
    • END.
      where the incoming packet has the following layout
    • (head) [sel s|payload](tail)
      and is classified for selector p on entry (thus, initially the token has the form <p,[s|payload]>).
This packet format adheres to the convention that parameters for instructions and procedures are stored at the packet's head. Similarly, this convention will be extended for the subsequent examples and the packet's tail will be used for a stack of return addresses (selectors).
The following instructions are needed to implement the first example program:
    • NOP token(s: selector)
    • token( ) is a pseudo operation that changes a token's selector value to the new value s before the token is put back into the token bag.
    • The token( ) pseudo operation can be realized by the stand-alone instruction NOP (no-operation) whose selout field has the value s:
selin NOP s
    • JCEX jumponexistence(a, b, c: selector)
    • A conditional jump is made i.e., the output token receives a new selector value depending on the content of the route table:
      • IF exists a route table entry with in-selector a THEN
        • token (b)
      • ELSE
        • token (c)
      • FI
    • By convention it is assumed that parameter a is stored as the first header field inside the token's packet data as described above, while b and c are stored in the route table entry of the JCEX instruction instance.
    • JH jumptoheader( )
    • The token's new selector value is taken from the token's packet header, and the packet length is trimmed accordingly:
      • VAR s: selector;
      • s :=pop front of packet header
      • token (s);
Using these three instructions, the forwarding branch procedure example-one( ) is implemented by the following route table content:
selin OP selout addtl. state
p JCEX t1 t2 jmp to t1 if hdr field (s) is
known, else jmp to t2
t1 JH pop hdr field and jump
there (s)
t2 FORW queue id forward
s FORW queue id forward
Packets arrive classified for selector p. Thus, program execution starts with the first line of the table above. Note that the last line of the table above may or may not be present: The program will take care of correctly forwarding packets in both cases.
EXAMPLE 2 Recursive Procedure Call
In this example, a procedure will recursively be called that pops a header field until it encounters a header field with a specific value m. The program should thus work like the following
    • PROC exampletwo( );
    • CONST m: selector;
    • VAR s: selector;
    • BEGIN
      • s :=pop packet header;
      • IF NOT (s=m) THEN
        • exampletwo ( )
      • FI
    • END.
      where the incoming packet has the following layout:
    • [s1|s2| . . . |m|payload].
In order for the “return addresses” ri of procedure calls to be stored, they we will be appended to the data packet's tail:
    • [ . . . |payload|r1| . . . |rn]
The following additional instructions are needed for this example program:
    • JC jumpconditional (a, b: selector)
    • Conditionally jumps to selector a, i.e. the output token has a as its selector value, if the packet's first header field is not the null selector. Otherwise, execution continues at selector b (the output token obtains the selector value b).
    • JT jumptotail( )
    • Pops the outermost tail field of the data packet which becomes the output token's new selector value. The data packet's length is reduced accordingly.
    • POPH popheader( )
    • Removes (drops) the first header field of the data packet
    • PUSHT pushtail(selector s)
    • Extends the data packet by the selector value s.
    • XOR xor(s: selector)
    • Performs a bit-wise XOR operation on the packet's first header field with s.
The following route table implements the recursive procedure example-two( ). As in the previous example, the token arrives selected for a selector value p, i.e. it initially has a sel value of p:
selin OP selout addtl. state
p PUSHT t0 t6 save return addr t6, jmp to proc
at t0
t0 XOR t1 m start of proc: compare with m
t1 JC t2 t4 jump to t4 if equal (i.e. first
header field = 0)
t2 POPH t3 drop first header field
t3 PUSHT t0 t5 save return address t5, jmp to
proc at t0
t4 POPH t5 drop first header field
t5 JT return from proc call
t6 FORW queue id forward trimmed packet, end of
example program
EXAMPLE 3 Stream Programming (Program Downloading)
This example shows a method to store a program inside a remote route table by sending appropriate data packets. This is useful for having “path finder packets” to configure a remote node by downloading a program that will treat a data stream's subsequent packets.
An external representation of route table entries is required that is self-delimiting. The following instruction depends on such a format:
    • ADDOP addoperation(r: routetableentry)
    • The routetableentry (Sin,op,Sout and additional state) is popped from the packet's header and placed in the route table. The length of the data packet is accordingly decreased.
    • HALT halt( )
    • Discards the current token (i.e., ends the current program flow).
The following route table program scans a data packet for route table entries and installs them. For this, the data packet must consist of a sequence of route table entries rei, followed by a zero selector field:
    • [re1| . . . | ren|0-sel|payload]
Furthermore, the following program, the “packet handler program”, is permanently stored inside the route table. The selector DP is a well-known selector to be used for invoking the downloading program:
selin OP selout addtl. state
DP JC t0 t1 start of download proc: 0-sel?
t0 ADDOP DP install new table entry, loop
t1 HALT end of proc
This download program can be extended by user provided enhancements, allowing to “bootstrap” fancier download procedures. If for example a “confirmed download” service is required, one can use the program above to blindly download the modified download program which, instead of executing the halt( ) instruction, returns a confirmation packet.
EXAMPLE 4 Active Packets
Instead of having a pre-stored program being applied to data packets, this example shows how to implement in-band programming where the program to be applied to a packet is carried inside the packet itself. Various names are used synonymously for such packets: capsules, messengers or active packets.
One approach consists in extending the stream programming example above in two ways. The first modification relates to the packet format, where we presume that a second (start-) selector value follows the O-sel of the previous example:
    • [re1| . . . |ren|0-sel|start-sel|payload]
The second modification concerns the packet handler program:
selin OP selout addtl. state
AP JC t0 t1 active packet proc: 0-sel?
t0 ADDOP AP install new table entry, loop
t1 POPH t2 drop null selector
t2 JH jump to start selector
The disadvantage of this approach is that the in-band program is stripped from the packet, preventing self-routing packets to keep their code base as they travel in an active network. The second approach below fixes this problem by introducing the following concurrency related instructions:
    • QIN queuein(s: selector)
    • The current token is “put into a token queue”, the queue is identified by the selector s at the packet's first header position, this header field is removed and the packet length is adjusted accordingly.
    • Only the token which is at the head of the token queue is eligible for execution, other tokens in the queue have to wait until they advance to the head position. Tokens can be in at most one token queue at any time. Switching to another queue implicitly removes the token from its former queue it was in. Terminating a token (e.g. using the HALT operation) also frees the head position of the token's current queue.
    • FORK fork(a, b: selector)
    • This operation outputs two tokens. Both have the same packet data but different selector values (a or b). There is no parent/child relation between the forked tokens, although the token with the selector a inherits all input token attributes, e.g. position in a token queue, while the attributes of the other token are reset to some default value.
    • DUPH duphead(s: selector)
    • Duplicates the selector s at the packet's head. This results in a larger data packet that starts with two identical header fields.
    • DUPT duptail ( )
    • Duplicates the selector at the packet's tail. This results in a larger data packet that ends with two identical tail fields.
Active packets need to have the internal format
    • [id-sel|re1| . . . |ren|0-sel|payload|start-sel]
      for being processed by the following extended active packet loader program:
selin OP selout addtl. state
EAP DUPH t0 extd active pkt loader: dup id sel
t0 QIN t1 put thread in the ‘id’ queue
t1 FORK t2 u0 fork
t2 JC t3 t4 install the pkts program: 0-sel?
t3 ADDOP t2 add new route table entry, loop
t4 HALT end (and quit the current queue)
u0 DUPH u1 the forked token, dup id selector
u1 QIN u2 put thread in the ‘id’ queue, block
u2 DUPT u3 dup start selector at the tail
u3 JT jump to start selector
Note that the forked token synchronizes with the main token when the later has finished installing the program. Synchronization is achieved via the queue that is identified by the id selector. Preferably, each active packet is assigned its own id value in order to avoid synchronization conflicts. Despite the fork( ) operation, the main token remains at the head of this queue and continues to do so during the install loop. The forked token inserts itself into the same queue, but will occupy the second position, thus block. When the main token halts and thus quits the token queue, the forked token advances to the head position and starts executing the freshly installed program. At this point, the token's packet data is identical to the data that the original token had when it entered the new routing module.
EXAMPLE 5 Beyond a Single Router—Distributed Programming and a Router Model with Trivial Classification Module
In this example it will be shown that the concept of instructions at the route table level that explicitly point to the next instruction can be seamlessly extended beyond the scope of a single router or route table to a net of processing entities. It suffices that a packet is transmitted together with its token selector value e.g. by choosing the following wire format that contains an initial selector field:
    • [init-sel|pkt]
The init selector and the remaining packet payload are the two elements required to form a token: Classification of an incoming data packet is reduced to reading in the init-sel field. Of course, the network architecture that is induced by such a router model requires that packet classification is performed upstream, or ultimately at the edge of such a network.
With the wire format presented above, selectors can be turned into pointers to remote instructions: They allow to arbitrarily redirect the execution flow to one or more neighbor routers or route tables and to implement distributed algorithms. For redirection, one has to replace a route table entry by one or more FORW operations that send a packet to a remote node where processing will continue. The Sout field of the table entry containing the FORW operation can then be used for specifying the selector for the remote target instruction.

Claims (17)

1. A method for processing and forwarding data packets comprising the steps of:
providing at least one route table comprising entries, at least one of which contains an input index field, an output index field, and at least one operation code or a program for the execution of an operation,
assigning a selector serving as indexing datum to each data packet, the data packet and its selector being parts of a token,
matching of the selector of a packet matched with the input index field of the entries of said at least one route table,
executing on the matched token of the at least one operation contained in the at least one matched route table entry,
and maintaining at least one multi-set of tokens, that every matched token is removed from said at least one multi-set, that the packet of such a matched token depending on the semantics of the operation referenced by the matched route table entry, is forwarded or destroyed or at least one new token is generated and again added to one of said at least one multi-set, the selector of said at least one new token being copied from the output index field of the matched route table entry or being otherwise computed.
2. Apparatus for processing and forwarding data packets wherein the following items are provided:
at least one route table comprising entries, at least one of which contains an input index field, an output index field, and at least one operation code or a program for the execution of an operation,
means for assigning a selector serving as indexing datum to each data packet, the data packet and its selector being parts of a token,
means for matching the selector of a packet with the input index field of the entries of said at least one route table,
means for executing on the matched token the at least one operation contained in the at least one matched route table entry
and means for maintaining at least one multi-set of tokens, that every matched token is removed from said at least one multi-set, that the packet of such a matched token depending on the semantics of the operation referenced by the matched route table entry, is forwarded or destroyed or at least one new token is generated and again added to one of said at least one multi-set, the selector of said at least one new token being copied from the output index field of the matched route table entry or being otherwise computed.
3. The apparatus of claim 2, comprising at least one microprocessor the architecture of which implements at least one of said items.
4. A method for processing and forwarding data packets comprising the steps of:
providing at least one route table comprising entries, at least one of which contains an input index field, an output index field, and at least one operation code for an action other than forwarding data packets or a program for the execution of a respective operation,
assigning a selector serving as indexing datum to each data packet, the data packet and its selector being parts of a token,
matching of the selector of a packet matched with the input index field of the entries of said at least one route table,
executing on the matched token of the at least one operation contained in the at least one matched rout table entry, maintaining at least one multi-set of tokes such that every matched token is removed from said at least one multi-set and that the packet of such a matched token, depending on the semantics of the operation referenced by the matched route table entry, is forwarded or destroyed or at least one new token is generated and again added to one of said at least one multi-sets, the selector of said at least one new token being copied from the output index field of the matched route table entry or being otherwise computed.
5. The method of claim 1, wherein tokens can be temporarily removed from said at least one multi-set and reinserted later on.
6. The method of claim 1, wherein a control unit is provided which selects the tokens from the multi-set to be matched with entries of the route table.
7. The method of claim 1, wherein the route table comprises at least one entry containing one of an operation code or a program that can take care of at least one of entering parts of the contents of a data packet containing operation code into a route table entry and of removing or changing existing route table entries.
8. The method of claim 1, wherein said at least one of an operation code or a program contained in at least one route table entry comprises a reference to an externally installed subroutine and and any other software or hardware based device serving as an extension.
9. The method of claim 8, wherein the route table comprises at least one entry containing at least one of an operation code or a program that can take care of altering an extension or other modules based on information contained in a data packet.
10. The method of claim 7, wherein at least one token containing an operation code is assigned a program flow and at least one of the operation code and its selector and other data stored in said at least one token is formed such that the program flow is executed based on information contained in the token and in the route table.
11. The method of claim 1, wherein tokens for which no match with entries of the route table is possible, are deleted.
12. The method of claim 1, wherein at least one default processing routine is provided and wherein tokens for which no match with an input index field of an entry of the at least one route table is possible are processed by one of said at least one default processing routines.
13. The method of claim 1, wherein the at least one route table is implemented as an array or set of records having the structure of regular or consecutive memory zones, linked lists of memory zones, trees of memory zones or combinations thereof.
14. The method of claim 1, wherein one or more auxiliary hash tables or indirection pointers are provided to access the entries of said at least one route table.
15. The method of claims claim 1, wherein at least one route table entry contains more than one operation.
16. The method of claims claim 1, wherein the selection of route table entries that match a given token is non-deterministic.
17. The method of claims claim 1, wherein a token's indexing datum is one of being embedded in and of being deductible from the token's data packet.
US09/526,117 1999-09-20 2000-03-15 Method and apparatus for processing and forwarding data packets Expired - Fee Related US6985438B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/146,589 US20050220102A1 (en) 1999-09-20 2005-06-07 Method and apparatus for processing and forwarding data packets

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP99810833.6A EP1085711B1 (en) 1999-09-20 1999-09-20 Method and apparatus for processing and forwarding data packets

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11/146,589 Continuation US20050220102A1 (en) 1999-09-20 2005-06-07 Method and apparatus for processing and forwarding data packets

Publications (1)

Publication Number Publication Date
US6985438B1 true US6985438B1 (en) 2006-01-10

Family

ID=8243029

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/526,117 Expired - Fee Related US6985438B1 (en) 1999-09-20 2000-03-15 Method and apparatus for processing and forwarding data packets
US11/146,589 Abandoned US20050220102A1 (en) 1999-09-20 2005-06-07 Method and apparatus for processing and forwarding data packets

Family Applications After (1)

Application Number Title Priority Date Filing Date
US11/146,589 Abandoned US20050220102A1 (en) 1999-09-20 2005-06-07 Method and apparatus for processing and forwarding data packets

Country Status (2)

Country Link
US (2) US6985438B1 (en)
EP (1) EP1085711B1 (en)

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030223361A1 (en) * 2002-06-04 2003-12-04 Zahid Hussain System and method for hierarchical metering in a virtual router based network switch
US20050025151A1 (en) * 2003-02-11 2005-02-03 Alcatel Early-processing request for an active router
US20050220102A1 (en) * 1999-09-20 2005-10-06 Christian Tschudin Method and apparatus for processing and forwarding data packets
US20050232150A1 (en) * 2003-06-03 2005-10-20 Kazuto Nishimura Flow control method and apparatus thereof
US20060101159A1 (en) * 2004-10-25 2006-05-11 Alcatel Internal load balancing in a data switch using distributed network processing
US7177311B1 (en) 2002-06-04 2007-02-13 Fortinet, Inc. System and method for routing traffic through a virtual router-based network switch
US20070058648A1 (en) * 2001-06-28 2007-03-15 Fortinet, Inc. Identifying nodes in a ring network
US20070073733A1 (en) * 2000-09-13 2007-03-29 Fortinet, Inc. Synchronized backup of an object manager global database as part of a control blade redundancy service
US7203192B2 (en) 2002-06-04 2007-04-10 Fortinet, Inc. Network packet steering
US7266120B2 (en) 2002-11-18 2007-09-04 Fortinet, Inc. System and method for hardware accelerated packet multicast in a virtual routing system
US7278055B2 (en) 2002-08-29 2007-10-02 Fortinet, Inc. System and method for virtual router failover in a network routing system
US7340535B1 (en) 2002-06-04 2008-03-04 Fortinet, Inc. System and method for controlling routing in a virtual router system
US7376125B1 (en) * 2002-06-04 2008-05-20 Fortinet, Inc. Service processing switch
US20090225754A1 (en) * 2004-09-24 2009-09-10 Fortinet, Inc. Scalable ip-services enabled multicast forwarding with efficient resource utilization
US20100094980A1 (en) * 2000-09-13 2010-04-15 Fortinet, Inc. Managing and provisioning virtual routers
US7843813B2 (en) 2004-11-18 2010-11-30 Fortinet, Inc. Managing hierarchically organized subscriber profiles
US7912936B2 (en) 2000-09-13 2011-03-22 Nara Rajagopalan Managing interworking communications protocols
US20110219086A1 (en) * 2006-03-01 2011-09-08 Fortinet, Inc. Electronic message and data tracking system
US8040888B1 (en) 2007-12-17 2011-10-18 Integrated Device Technology, Inc. Packet switch with port route tables
US8250357B2 (en) 2000-09-13 2012-08-21 Fortinet, Inc. Tunnel interface for securing traffic over a network
US8260918B2 (en) 2000-09-13 2012-09-04 Fortinet, Inc. Packet routing system and method
US8503463B2 (en) 2003-08-27 2013-08-06 Fortinet, Inc. Heterogeneous media packet bridging

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1248416A1 (en) * 2001-04-04 2002-10-09 Alcatel System, and packet signal, and network-unit and method
US10205666B2 (en) * 2013-07-29 2019-02-12 Ampere Computing Llc End-to-end flow control in system on chip interconnects
US10027601B2 (en) * 2015-06-03 2018-07-17 Mellanox Technologies, Ltd. Flow-based packet modification
CN109587084A (en) * 2015-12-30 2019-04-05 华为技术有限公司 A kind of message storage forwarding method and circuit and equipment
US9998225B2 (en) * 2016-08-06 2018-06-12 OE Solutions Co., Ltd. Protected ethernet ring with small form-factor pluggable devices
CN111543034B (en) * 2017-09-29 2021-12-10 华为技术有限公司 Self-describing packet headers for parallel processing
US10972397B2 (en) 2017-09-29 2021-04-06 Futurewei Technologies, Inc. Self-driving packets with conditional commands

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4679189A (en) 1985-11-27 1987-07-07 American Telephone And Telegraph Company Alternate routing arrangement
US6034958A (en) * 1997-07-11 2000-03-07 Telefonaktiebolaget Lm Ericsson VP/VC lookup function
US6069895A (en) * 1997-08-29 2000-05-30 Nortel Networks Corporation Distributed route server
US6157641A (en) * 1997-08-22 2000-12-05 Cisco Technology, Inc. Multiprotocol packet recognition and switching
US6434144B1 (en) * 1998-07-06 2002-08-13 Aleksey Romanov Multi-level table lookup
US6526055B1 (en) * 1998-10-20 2003-02-25 Sun Microsystems, Inc. Method and apparatus for longest prefix address lookup
US6570876B1 (en) * 1998-04-01 2003-05-27 Hitachi, Ltd. Packet switch and switching method for switching variable length packets

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1085711B1 (en) * 1999-09-20 2013-06-05 Christian Prof. Dr. Tschudin Method and apparatus for processing and forwarding data packets

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4679189A (en) 1985-11-27 1987-07-07 American Telephone And Telegraph Company Alternate routing arrangement
US6034958A (en) * 1997-07-11 2000-03-07 Telefonaktiebolaget Lm Ericsson VP/VC lookup function
US6157641A (en) * 1997-08-22 2000-12-05 Cisco Technology, Inc. Multiprotocol packet recognition and switching
US6567404B1 (en) * 1997-08-22 2003-05-20 Cisco Technologies, Inc. Multiprotocol packet recognition and switching
US6069895A (en) * 1997-08-29 2000-05-30 Nortel Networks Corporation Distributed route server
US6570876B1 (en) * 1998-04-01 2003-05-27 Hitachi, Ltd. Packet switch and switching method for switching variable length packets
US6434144B1 (en) * 1998-07-06 2002-08-13 Aleksey Romanov Multi-level table lookup
US6526055B1 (en) * 1998-10-20 2003-02-25 Sun Microsystems, Inc. Method and apparatus for longest prefix address lookup

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
Banches et al., "Multicasting Multimedia Streams with Active Networks", IEEE, 1998. *
European Search Report.
Report "Multicasting Streams with Active Networks", 23<SUP>rd </SUP>Annual Conference on Local Computer Networks, LCN-98, Oct. 11-14, 1998, p.p. 150-159.
Smith et al., "Activating Neetworks: A Progress Report", IEEE, 1999. *
Smith J.M. et al., "Active Networks: Progress Report" Computer, U.S., IEEE Computer Society, No. 4, Apr. 4, 1999, p.p. 32-41.

Cited By (78)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050220102A1 (en) * 1999-09-20 2005-10-06 Christian Tschudin Method and apparatus for processing and forwarding data packets
US8250357B2 (en) 2000-09-13 2012-08-21 Fortinet, Inc. Tunnel interface for securing traffic over a network
US8260918B2 (en) 2000-09-13 2012-09-04 Fortinet, Inc. Packet routing system and method
US9160716B2 (en) 2000-09-13 2015-10-13 Fortinet, Inc. Tunnel interface for securing traffic over a network
US9258280B1 (en) 2000-09-13 2016-02-09 Fortinet, Inc. Tunnel interface for securing traffic over a network
US8320279B2 (en) 2000-09-13 2012-11-27 Fortinet, Inc. Managing and provisioning virtual routers
US8255510B2 (en) 2000-09-13 2012-08-28 Fortinet, Inc. Switch management system and method
US9391964B2 (en) 2000-09-13 2016-07-12 Fortinet, Inc. Tunnel interface for securing traffic over a network
US7885207B2 (en) 2000-09-13 2011-02-08 Fortinet, Inc. Managing and provisioning virtual routers
US8069233B2 (en) 2000-09-13 2011-11-29 Fortinet, Inc. Switch management system and method
US20110128891A1 (en) * 2000-09-13 2011-06-02 Fortinet, Inc. Managing and provisioning virtual routers
US20070073733A1 (en) * 2000-09-13 2007-03-29 Fortinet, Inc. Synchronized backup of an object manager global database as part of a control blade redundancy service
US9124555B2 (en) 2000-09-13 2015-09-01 Fortinet, Inc. Tunnel interface for securing traffic over a network
US7912936B2 (en) 2000-09-13 2011-03-22 Nara Rajagopalan Managing interworking communications protocols
US9667604B2 (en) 2000-09-13 2017-05-30 Fortinet, Inc. Tunnel interface for securing traffic over a network
US9853948B2 (en) 2000-09-13 2017-12-26 Fortinet, Inc. Tunnel interface for securing traffic over a network
US7539744B2 (en) 2000-09-13 2009-05-26 Fortinet, Inc. Network operating system for maintaining redundant master control blade management information
US20100094980A1 (en) * 2000-09-13 2010-04-15 Fortinet, Inc. Managing and provisioning virtual routers
US9602303B2 (en) 2001-06-28 2017-03-21 Fortinet, Inc. Identifying nodes in a ring network
US7890663B2 (en) 2001-06-28 2011-02-15 Fortinet, Inc. Identifying nodes in a ring network
US20070058648A1 (en) * 2001-06-28 2007-03-15 Fortinet, Inc. Identifying nodes in a ring network
US8208409B2 (en) 2001-06-28 2012-06-26 Fortinet, Inc. Identifying nodes in a ring network
US7580373B2 (en) 2001-06-28 2009-08-25 Fortinet, Inc. Identifying nodes in a ring network
US9143351B2 (en) 2001-06-28 2015-09-22 Fortinet, Inc. Identifying nodes in a ring network
US9998337B2 (en) 2001-06-28 2018-06-12 Fortinet, Inc. Identifying nodes in a ring network
US20100189016A1 (en) * 2001-06-28 2010-07-29 Fortinet, Inc. Identifying nodes in a ring network
US7522604B2 (en) 2002-06-04 2009-04-21 Fortinet, Inc. Routing traffic through a virtual router-based network switch
US7668087B2 (en) 2002-06-04 2010-02-23 Fortinet, Inc. Hierarchical metering in a virtual router-based network switch
US8068503B2 (en) 2002-06-04 2011-11-29 Fortinet, Inc. Network packet steering via configurable association of processing resources and netmods or line interface ports
US20030223361A1 (en) * 2002-06-04 2003-12-04 Zahid Hussain System and method for hierarchical metering in a virtual router based network switch
US20090073977A1 (en) * 2002-06-04 2009-03-19 Fortinet, Inc. Routing traffic through a virtual router-based network switch
US7376125B1 (en) * 2002-06-04 2008-05-20 Fortinet, Inc. Service processing switch
US7340535B1 (en) 2002-06-04 2008-03-04 Fortinet, Inc. System and method for controlling routing in a virtual router system
US9019833B2 (en) 2002-06-04 2015-04-28 Fortinet, Inc. Service processing switch
US7203192B2 (en) 2002-06-04 2007-04-10 Fortinet, Inc. Network packet steering
US20100220732A1 (en) * 2002-06-04 2010-09-02 Fortinet, Inc. Service processing switch
US8848718B2 (en) 2002-06-04 2014-09-30 Google Inc. Hierarchical metering in a virtual router-based network switch
US8638802B2 (en) 2002-06-04 2014-01-28 Cisco Technology, Inc. Network packet steering via configurable association of packet processing resources and network interfaces
US8542595B2 (en) 2002-06-04 2013-09-24 Fortinet, Inc. Service processing switch
US7161904B2 (en) 2002-06-04 2007-01-09 Fortinet, Inc. System and method for hierarchical metering in a virtual router based network switch
US7720053B2 (en) 2002-06-04 2010-05-18 Fortinet, Inc. Service processing switch
US8306040B2 (en) 2002-06-04 2012-11-06 Fortinet, Inc. Network packet steering via configurable association of processing resources and network interfaces
US8111690B2 (en) 2002-06-04 2012-02-07 Google Inc. Routing traffic through a virtual router-based network switch
US9967200B2 (en) 2002-06-04 2018-05-08 Fortinet, Inc. Service processing switch
US8064462B2 (en) 2002-06-04 2011-11-22 Fortinet, Inc. Service processing switch
US9215178B2 (en) 2002-06-04 2015-12-15 Cisco Technology, Inc. Network packet steering via configurable association of packet processing resources and network interfaces
US7177311B1 (en) 2002-06-04 2007-02-13 Fortinet, Inc. System and method for routing traffic through a virtual router-based network switch
US8819486B2 (en) 2002-08-29 2014-08-26 Google Inc. Fault tolerant routing in a non-hot-standby configuration of a network routing system
US7278055B2 (en) 2002-08-29 2007-10-02 Fortinet, Inc. System and method for virtual router failover in a network routing system
US7761743B2 (en) 2002-08-29 2010-07-20 Fortinet, Inc. Fault tolerant routing in a non-hot-standby configuration of a network routing system
US20110185221A1 (en) * 2002-08-29 2011-07-28 Fortinet, Inc. Fault tolerant routing in a non-hot-standby configuration of a network routing system
US8412982B2 (en) 2002-08-29 2013-04-02 Google Inc. Fault tolerant routing in a non-hot-standby configuration of a network routing system
US10200275B2 (en) 2002-11-18 2019-02-05 Fortinet, Inc. Hardware-accelerated packet multicasting
US9407449B2 (en) 2002-11-18 2016-08-02 Fortinet, Inc. Hardware-accelerated packet multicasting
US8644311B2 (en) 2002-11-18 2014-02-04 Fortinet, Inc. Hardware-accelerated packet multicasting in a virtual routing system
US7266120B2 (en) 2002-11-18 2007-09-04 Fortinet, Inc. System and method for hardware accelerated packet multicast in a virtual routing system
US20050025151A1 (en) * 2003-02-11 2005-02-03 Alcatel Early-processing request for an active router
US7633862B2 (en) * 2003-06-03 2009-12-15 Fujitsu Limited Flow control method and apparatus thereof
US20050232150A1 (en) * 2003-06-03 2005-10-20 Kazuto Nishimura Flow control method and apparatus thereof
US9509638B2 (en) 2003-08-27 2016-11-29 Fortinet, Inc. Heterogeneous media packet bridging
US8503463B2 (en) 2003-08-27 2013-08-06 Fortinet, Inc. Heterogeneous media packet bridging
US9853917B2 (en) 2003-08-27 2017-12-26 Fortinet, Inc. Heterogeneous media packet bridging
US20090225754A1 (en) * 2004-09-24 2009-09-10 Fortinet, Inc. Scalable ip-services enabled multicast forwarding with efficient resource utilization
US9166805B1 (en) 2004-09-24 2015-10-20 Fortinet, Inc. Scalable IP-services enabled multicast forwarding with efficient resource utilization
US9167016B2 (en) 2004-09-24 2015-10-20 Fortinet, Inc. Scalable IP-services enabled multicast forwarding with efficient resource utilization
US8369258B2 (en) 2004-09-24 2013-02-05 Fortinet, Inc. Scalable IP-services enabled multicast forwarding with efficient resource utilization
US9319303B2 (en) 2004-09-24 2016-04-19 Fortinet, Inc. Scalable IP-services enabled multicast forwarding with efficient resource utilization
US8213347B2 (en) 2004-09-24 2012-07-03 Fortinet, Inc. Scalable IP-services enabled multicast forwarding with efficient resource utilization
US10038567B2 (en) 2004-09-24 2018-07-31 Fortinet, Inc. Scalable IP-services enabled multicast forwarding with efficient resource utilization
US7881244B2 (en) 2004-09-24 2011-02-01 Fortinet, Inc. Scalable IP-services enabled multicast forwarding with efficient resource utilization
US20060101159A1 (en) * 2004-10-25 2006-05-11 Alcatel Internal load balancing in a data switch using distributed network processing
US7639674B2 (en) * 2004-10-25 2009-12-29 Alcatel Lucent Internal load balancing in a data switch using distributed network processing
US7876683B2 (en) 2004-11-18 2011-01-25 Fortinet, Inc. Managing hierarchically organized subscriber profiles
US7869361B2 (en) 2004-11-18 2011-01-11 Fortinet, Inc. Managing hierarchically organized subscriber profiles
US7843813B2 (en) 2004-11-18 2010-11-30 Fortinet, Inc. Managing hierarchically organized subscriber profiles
US7961615B2 (en) 2004-11-18 2011-06-14 Fortinet, Inc. Managing hierarchically organized subscriber profiles
US20110219086A1 (en) * 2006-03-01 2011-09-08 Fortinet, Inc. Electronic message and data tracking system
US8040888B1 (en) 2007-12-17 2011-10-18 Integrated Device Technology, Inc. Packet switch with port route tables

Also Published As

Publication number Publication date
US20050220102A1 (en) 2005-10-06
EP1085711B1 (en) 2013-06-05
EP1085711A1 (en) 2001-03-21

Similar Documents

Publication Publication Date Title
US6985438B1 (en) Method and apparatus for processing and forwarding data packets
US5509006A (en) Apparatus and method for switching packets using tree memory
US10764200B2 (en) Openflow match and action pipeline structure
US7307986B2 (en) State record processing
US10009273B2 (en) Apparatus and method of generating lookups and making decisions for packet modifying and forwarding in a software-defined network engine
US7917727B2 (en) Data processing architectures for packet handling using a SIMD array
US10516626B1 (en) Generating configuration data and API for programming a forwarding element
US6804815B1 (en) Sequence control mechanism for enabling out of order context processing
US6631466B1 (en) Parallel string pattern searches in respective ones of array of nanocomputers
US8555374B2 (en) High performance packet processing using a general purpose processor
CN103368853A (en) SIMD processing of network packets
US9083641B2 (en) Method and apparatus for improving packet processing performance using multiple contexts
CN110035006A (en) The individual networks equipment of Forwarding plane resetting
US7937495B2 (en) System and method for modifying data transferred from a source to a destination
US11743181B2 (en) High-level definition language for configuring internal forwarding paths of network devices
US9817594B2 (en) System and method for broadcasting data to multiple hardware forwarding engines
US10754666B1 (en) Hardware micro-services platform
Carlstrom et al. Synchronous dataflow architecture for network processors
EP1631906B1 (en) Maintaining entity order with gate managers
US20060129718A1 (en) Method and apparatus for pipelined processing of data packets
Muthulakshmi et al. ESP: a flexible, high-performance, PLD-based network service
US20040083337A1 (en) Content addressable memory with automated learning
US6654372B1 (en) Algorithm to bypass L4 processing in an internet protocol forwarding processor
US6700883B1 (en) Algorithm to bypass L4 processing in an internet protocol forwarding processor
Liljeqvist Visions and facts–a survey of network processors

Legal Events

Date Code Title Description
FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.)

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.)

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20180110